A data breach at Capital One Financial compromised the personal information of more than 100M U.S. and Canadian customers and credit card applicants, the Wall Street Journal reported Wednesday.
According to a federal criminal complaint, the breach involved a former Amazon Web Services employee who used a misconfigured firewall to break into the bank’s systems and access the customers’ sensitive data.
Among the compromised personal data were names, dates of birth, addresses, credit scores, payment history, Social Security numbers and bank account numbers. Approximately 80K account numbers and 140K Social Security numbers were exposed in the hacking incident.
Capital One said it expects to incur $100M to $150M in costs to remediate the breach.
“Insider threats are big concerns for companies and when you combine them with the talent of an engineer like this, it’s really concerning,” said Mark Testoni, CEO of SAP National Security Services and a 2019 Wash100 winner. “That is tough to prepare for because they’re more sophisticated than other insiders may be.”